CVEs with nessus.description==

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :

- A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.

- It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.

- It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.

- A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.

- A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().

- It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.

- It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.

- A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.

- When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.

- A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).

- A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |